problems when updating a table

Question

problems when updating a table

Asked 9 years, 3 months ago

Viewed 73 times

2

I’m a beginner in php. Does anyone know why it’s not working? It does the correct update of integer values, but if it is a string of letters it does not work

html It will type here a url to do the update

<input type="text" id="url_video">

salva php.

$con = mysqli_connect("localhost","root","","database_name");

$resultado = mysqli_query($con,"Select * from video");

    echo "<table class='table'>".
        "<thead>".
             "<tr>".
                "<td>ID</td>".
                "<td>url_video</td>".
             "</tr>".
        "</thead><tbody>";
while($valor = mysqli_fetch_array($resultado)){
    echo "<tr>".
            "<td>".$valor['ID']."</td>".
            "<td>".$valor['url_video']."</td>".
            "<td><input type='button' value='Update' class='btn-update' data-id='".$valor['ID']."'>"."</td>".
         "</tr>";
}
echo "</tbody></table>";

ajax I send the typed string (url) and pass the id of the selected column.

$(document).ready(function(){
    $('.btn-update').click(function(){
        var id = $(this).data('id');
        var string = $('#url_video').val();
        $.ajax({
            url: "tabelaUpdate.php",
            data: { 'idDeUpdate' : id,
                    'url_video' : string
                  },
            type: "POST",
            cache: false,
            success: function(response){
                $('#result').html(response); 
            }
        })
    });
});

php tableUpdate.php

$con = mysqli_connect("localhost","root", "", "database_name");
$id = $_POST['idDeUpdate'];
$string_url = $_POST['url_video'];


mysqli_query($con,"Update video SET url_video=$string_url WHERE ID=$id");
echo "ID -> ".$id." URL -> ".$string_url;

Just out of curiosity, why are you using suppression (@) on mysql_connect?

– Bacco

2015/03/26 at 05:33
if I don’t, this message-> Deprecated: mysql_connect(): The mysql Extension is deprecated and will be Removed in the Future: use mysqli or PDO Instead

– Jose Maximilian

2015/03/26 at 05:36
And isn’t it better to fix it than to hide the alert? Tip: Take advantage of the fact that you’re building the application and replace it with mysqli, instead of having to redo everything when you remove this function from PHP. (including why today you are running a risk of Injection in this AJAX, by the way it does update).

– Bacco

2015/03/26 at 05:37
I made some changes to the code using mysqli.

– Jose Maximilian

2015/03/26 at 05:50
It is good that you have put the salva.php as well. It can help someone to find the problem. This seems problematic to me: var string = $('#url_video').val();, will always get the first URL, no?

– Bacco

2015/03/26 at 05:53
First of all, connect in the bank (serves a client type Heidisql) and check if the column url_video is as varchar. If not, switch to varchar that you must solve. If you post the schematic of the table that we replicate more accurately. D

– Fernando Cordeiro

2015/03/26 at 06:01
could resolve! mysqli_query($con,"Update video SET url_video='$string_url' WHERE ID=$id"); missing single quotes

– Jose Maximilian

2015/03/26 at 06:07
@Josemaximilian vc tested with more than one value to make sure the 2nd video tb works?

– Bacco

2015/03/26 at 06:08
it worked, I just used a text box to test it. I mean, it type the url and then will press one of the update buttons. further I put an input text inside the loop to do the update.

– Jose Maximilian

2015/03/26 at 06:22
That’s right, take the test with more than one, 'cause I think it’s gonna make a difference between $('#url_video').val(); and the $(this).data('urlvideo'); that I put in the answer. If something is missing, let us know, because I did the answer without having to test here for your specific case. I may have made some syntax error.

– Bacco

2015/03/26 at 06:24
Could you give me some tips? I had printed a text type input inside the while loop: "<td><input type='text' value='".$valor['url_video']."' style='width: 400px;' id='url-video'></td>". , within that input is printed to url do vídeo, by clicking on the btn update, I have it update the selected input field var string = $('#url-video').val(); the problem is that it only updates the first column url_video, while the others is only made a copy of this first to other fields.

– Jose Maximilian

2015/03/26 at 16:17

Show 6 more comments

1 answer

Browser other questions tagged php ajax

You are not signed in. Login or sign up in order to post.

by Bacco • **93,720** points · Answer 1 · 2015-03-26T06:02:02+00:00

I would suggest changing this line:

"<td><input type='button' value='Update' class='btn-update' data-id='".$valor['ID']."'>"."</td>"

for this:

"<td><input type='button' value='Update' class='btn-update' data-id='".$valor['ID']."' data-urlvideo='".$valor['url_video']."'>"."</td>"

And in JS pick up the two parameters using .data:

  var id = $(this).data('id');
  var string = $(this).data('urlvideo');

It is also appropriate, as suggested by @Fernando, to check if the DB table is the correct type in the field url_video, which must be textual, such as char or varchar.

To complete, I would swap this line for "bind": instead of using string concatenation (so you solve the missing quotes problem, and protect yourself from Injection):

Replace:

mysqli_query($con,"Update video SET url_video=$string_url WHERE ID=$id");

For:

$stmt = mysqli_prepare($con,"Update video SET url_video=? WHERE ID=?");
mysqli_stmt_bind_param($stmt, 'si', $string_url, $id);
$stmt->execute();

So you’re minimizing the chance SQL Injection.